[CentOS] Best way to secure apache web root
Geerd-Dietger Hoffmann
ribalba at gmail.com
Mon Nov 30 06:49:26 UTC 2009
Hey
On Fri, Nov 27, 2009 at 10:46 AM, Stephen Nelson-Smith
<stephen at atalanta-systems.com> wrote:
> I have a site running drupal. The apache user therefore needs to be
> able to write certain files (CSS files for example).
>
> I also have a directory under my web root which is a SAN mount, to
> which apache must be able to write.
>
> What is the most secure way to implement this?
>
> I am thinking:
>
> chown -R root:apache /var/www/html
> chmod -R 0750 /var/www/html
> chown apache:apache for where need to write
>
> Is there a better way?
This might be an idea
http://www.faqs.org/docs/securing/chap29sec254.html
and this
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-acls.html
of course disabling execution of files in your upload dir is really important.
Cheers Didi
--
My www page: www.ribalba.de
Email / Jabber: ribalba at gmail.com
Skype : ribalba
More information about the CentOS
mailing list